Category Archives for "Networking"

Getting Cloudflare Tunnels to connect to the Cloudflare Network with QUIC

I work on Cloudflare Tunnel, which lets customers quickly connect their private services and networks through the Cloudflare network without having to expose their public IPs or ports through their firewall. Tunnel is managed for users by cloudflared, a tool that runs on the same network as the private services. It proxies traffic for these services via Cloudflare, and users can then access these services securely through the Cloudflare network.

Recently, I was trying to get Cloudflare Tunnel to connect to the Cloudflare network using a UDP protocol, QUIC. While doing this, I ran into an interesting connectivity problem unique to UDP. In this post I will talk about how I went about debugging this connectivity issue beyond the land of firewalls, and how some interesting differences between UDP and TCP came into play when sending network packets.

How does Cloudflare Tunnel work?

cloudflared works by opening several connections to different servers on the Cloudflare edge. Currently, these are long-lived TCP-based connections proxied over HTTP/2 frames. When Cloudflare receives a request to a hostname, it is proxied through these connections to the local service behind cloudflared.

While our HTTP/2 protocol mode works great, we’d like to improve a Continue reading

Arm creates virtual IoT chips to accelerate development

It can take years for a CPU to go from design to silicon, so Arm is helping developers get a jump on things by putting virtual models of its chip designs in the cloud. The virtual models will allow developers to write and test applications before the actual silicon ships.

Dubbed Arm Total Solutions for IoT, the project is a full-stack solution intended for Internet of Things applications and use cases. Arm says the early access for developers, OEMs and service providers, as well as the reduction in product design cycles, could accelerate deployments by up to two years.

Arm doesn’t make chips the way Intel and AMD do. It makes designs and licenses them to more than 800 OEMs, which are responsible for everything from embedded devices to servers. Once Arm releases the basic chip design to its partners, the partners then add their own IP to differentiate from the competition, which takes time.

Do We Need Multiple Global IPv6 Addresses Per Interface (RFC 7934)

I was happily munching popcorn while watching the latest season of Lack of DHCPv6 on Android soap opera on v6ops mailing list when one of the lead actors trying to justify the current state of affairs with a technical argument quoted an RFC to prove his rightful indignation with DHCPv6 and the decision not to implement it in Android:

[…not having multiple IPv6 addresses per interface…] is also harmful for a variety of reasons, and for general purpose devices, it’s not recommended by the IETF. That’s exactly what RFC 7934 is about - explaining why it’s harmful.

If you’re new to this discussion, you might want to start with the Why Does DHCPv6 Matter blog post.

Python Script Pulling AWS IP Prefixes – Part 1

I have been playing around with Python lately with the goal of building basic skills in it. I have found that to make good progress what works best for me is:

  • Have a project that I find interesting to work on
  • Spend a little time every day on the project

The project I decided on was to get the IP addresses that AWS uses for their services, build an access-list based on these prefixes, and then configure a Cisco ASA with that access-list. The final result looks like this:

Python AWS prefix getter

In a series of blog posts, I will cover how I built this script. Keep in mind that my focus was to get a script that works and then improve on it. I have some plans for getting an experienced Python coder to go through the code with me and to work on improvements. Stay tuned for that!

As with any coding project, you need to come up with some general guidelines on how to get data and what is good enough. These are some of the considerations I had:

  • I will get the configuration needed from a YAML file rather than a CLI (good enough for Continue reading

Zero Trust — Not a Buzzword

Over the last few years, Zero Trust, a term coined by Forrester, has picked up a lot of steam. Zero Trust, at its core, is a network architecture and security framework focusing on not having a distinction between external and internal access environments, and never trusting users/roles.

In the Zero Trust model, the network only delivers applications and data to authenticated and authorised users and devices, and gives organisations visibility into what is being accessed and the ability to apply controls based on behavioural analysis. It gained popularity as the media reported on several high profile breaches caused by misuse, abuse or exploitation of VPN systems, breaches into end-users’ devices with access to other systems within the network, or breaches through third parties — either by exploiting access or compromising software repositories in order to deploy malicious code. This would later be used to provide further access into internal systems, or to deploy malware and potentially ransomware into environments well within the network perimeter.

When we first started talking to CISOs about Zero Trust, it felt like it was just a buzzword, and CISOs were bombarded with messaging from different cybersecurity vendors offering them Zero Trust solutions. Recently, another term, SASE (Secure Continue reading

Aruba switch can cut the need for separate, single-function appliances

Hewlett Packard Enterprise company Aruba is taking the wraps off a new flagship data-center switch aimed at helping to better control and secure hybrid-cloud traffic in the enterprise.

The Aruba CX 10000 Series switch is a top-of-rack, L2/3 data-center box with 3.2Tbps of switching capacity, 48 ports of line rate 10/25GbE and six 40/100GbE ports, the company says. But its most intriguing component is an integrated Elba programmable data processing unit (DPU) from Pensando that helps eliminate the need for separate appliances for security and load balancing, for example.

Pensando is a startup led by a crew of ex-Cisco stars including its chairman of the board, former Cisco CEO John Chambers. Other leaders of the company include former Cisco engineering icons Mario Mazzola, Prem Jain, Luca Cafiero and Soni Jiandani, collectively known as MPLS based on their first initials. The MPLS group has founded a number of companies that were spun back into Cisco during Chambers’ time as CEO including Andiamo Systems for SAN switching, Nuova Systems for data-center switching and Insieme Networks for software-defined networking systems.

Gartner: 8 security trends facing the enterprise

As organizations become less centralized they face new security challenges that require new ways of addressing threats that will change the basic fabric of network security, according to Gartner analysts.

A persistent challenge adapting to these changes is the skills gap--finding IT pros with the technical know-how to meet evolving security issues, Peter Firstbrook, Gartner vice president and analyst, told attendees at Gartner IT Symposium/Xpo 2021 Americas.

“Cybersecurity teams are being asked to secure countless forms of digital transformation and other new technologies, and if they don’t have those skilled practitioners they move toward managed or cloud-delivered services where they might not have as much control as they’d like,” Firstbrook said.

Backwards-compatibility in Cloudflare Workers

Cloudflare Workers is our serverless platform that runs your code in 250+ cities worldwide.

On the Workers team, we have a policy:

A change to the Workers Runtime must never break an application that is live in production.

It seems obvious enough, but this policy has deep consequences. What if our API has a bug, and some deployed Workers accidentally depend on that bug? Then, seemingly, we can't fix the bug! That sounds… bad?

This post will dig deeper into our policy, explaining why Workers is different from traditional server stacks in this respect, and how we're now making backwards-incompatible changes possible by introducing "compatibility dates".

TL;DR: Developers may now opt into backwards-incompatible fixes by setting a compatibility date.

Serverless demands strict compatibility

Workers is a serverless platform, which means we maintain the server stack for you. You do not have to manage the runtime version, you only manage your own code. This means that when we update the Workers Runtime, we update it for everyone. We do this at least once a week, sometimes more.

This means that if a runtime upgrade breaks someone's application, it's really bad. The developer didn't make any change, so won't be watching for Continue reading

Graceful Restart and BFD

The whole High Availability Switching series started with a question along the lines of “does it make sense to run BFD together with Graceful Restart”. After Non-Stop Forwarding 101, Graceful Restart 101, and Graceful Restart and Convergence Speed we finally have enough information to answer that question.

TL&DR: Most probably not.

A more nuanced answer depends (as always) on a gazillion implementation details.

Using the xargs command on Linux to simplify your work

The xargs command on Linux can make it easier to build and execute commands. If you want to run the same command for a group of files or users, xargs can often make that process easier. Here's a very simple example of xargs that creates or updates the update time on some files.

    $ echo file1 file2 file3 | xargs touch
    $ ls -l
    total 0
    -rw-r--r--. 1 shs shs 0 Oct 15 12:41 file1
    -rw-r--r--. 1 shs shs 0 Oct 15 12:41 file2
    -rw-r--r--. 1 shs shs 0 Oct 15 12:41 file3

The command below is similar, but creates a file with blanks in its name because the -d specifies the input termination character.

Gartner: Top strategic technology trends for 2022

Digital investments, be they in AI, cloud, security, or engineering, will be among the top technology drivers for 2022, according to Gartner’s annual forecast of what it expects will be leading strategic IT trends.

“It is an overarching drive for organizations to do more with and scale the digital environments they have been rapidly developing during the pandemic,” said David Groombridge, research vice president at Gartner. “Most of these trends define technologies that together show how businesses will reconnect with partners and consumers to create scalable, resilient technical foundations for the future.”

Gartner unwrapped its forecast at its virtual IT Symposium/Xpo Americas this week.

Crawler Hints Update: Cloudflare Supports IndexNow and Announces General Availability

In the midst of the hottest summer on record, Cloudflare held its first ever Impact Week. We announced a variety of products and initiatives that aim to make the Internet and our planet a better place, with a focus on environmental, social, and governance projects. Today, we’re excited to share an update on Crawler Hints, an initiative announced during Impact Week. Crawler Hints is a service that improves the operating efficiency of the approximately 45% of Internet traffic that comes from web crawlers and bots.

Crawler Hints achieves this efficiency improvement by ensuring that crawlers get information about what they’ve crawled previously and if it makes sense to crawl a website again.

Today we are excited to announce two updates for Crawler Hints:

  1. The first: Crawler Hints now supports IndexNow, a new protocol that allows websites to notify search engines whenever content on their website is created, updated, or deleted. By collaborating with Microsoft and Yandex, Cloudflare can help improve the efficiency of their search engine infrastructure, customer origin servers, and the Internet at large.
  2. The second: Crawler Hints is now generally available to all Cloudflare customers for free. Customers can benefit from these more Continue reading